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REMARKS 

Claims 1-34 were presented for examination and all claims were rejected. In the current 
amendment, claims 1-13, 16-21 and 22-32 have been amended. No new matter has been 
introduced. Upon entry of the current amendment, claims 1-34 will be pending, of which claims 
1 and 26 are independent. Applicants submit that claims 1-34 are patentable and in condition for 
allowance. 

The following comments address all stated grounds of rejection. Applicants respectfully 
traverse all rejections and urge the Examiner allow the claims in view of the remarks set forth 
below. 

EXAMINER INTERVIEW 

Applicants wish to thank Examiner Huaracha for taking the time to discuss this 
application with the Applicants' representative on April 10, 2009. During the interview, 
Applicants and the Examiner generally discussed the claims and specification. Applicants have 
prepared this response in accordance with the matters discussed. 

CLAIM REJECTIONS UNDER 35 U.S.C. $112 

I. Claims 2-26 and 31 Rejected Under 35 U.S.C. §112 

Claims 2-26 and 3 1 were rejected under 35 U.S.C. § 1 12, second paragraph, for failing to 
particularly point out and distinctly claim the subject matter which Applicants regard as the 
invention. Applicants hereby amend claims 1, 13, 20, 25, 26 and 31 and respectfully submit that 
the rejections are overcome by these amendments. Accordingly, Applicants request that the 
Examiner withdraw the rejection of claims 2-26 and 3 1 under 35 U.S.C. §112. 

CLAIM REJECTIONS UNDER 35 U.S.C. $101 

II. Claims 1-34 Rejected Under 35 U.S.C. §101 

Claims 1-34 were rejected under 35 U.S.C. §101 as directed towards non-statutory 
subject matter. Claims 1 and 26 are independent claims. Claims 2-25 depend on and incorporate 
all of the patentable subject matter of independent claim 1 . Claims 27-34 depend on and 
incorporate all of the patentable subject matter of independent claim 26. Applicants traverse this 
rejection and submit that claims 1-34, as amended, are directed to statutory subject matter. 
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Claim 1 , as amended, recites a suitably programmed computer performing the steps of 
receiving a request to access a system object stored in a memory element, selecting from a 
memory element a rule associated with the request, forming a literal name for the system object, 
and issuing a request to access the system object. Applicants respectfully submit that a suitably 
programmed computer, performing these steps, comprises statutory subject matter. 

Independent claim 26, as amended, recites an apparatus having computer-readable 
program means. Applicants respectfully submit that claims directed to an apparatus having 
computer-readable program means recite statutory subject matter. 

For at least the above discussed reasons, Applicants submit that the subject matter of 
claims 1 and 26 are directed to statutory subject matter. Claims 2-25 depend on and incorporate 
all of the patentable subject matter of independent claim 1 . Claims 27-34 depend on and 
incorporate all of the patentable subject matter of independent claim 26. Correspondingly, 
claims 2-25 and 27-34 are also directed to statutory subject matter. Accordingly, Applicants 
request the Examiner to reconsider and withdraw the rejection of claims 1-34 under 35 U.S.C. 
§101. 

CLAIM REJECTIONS UNDER 35 U.S.C. S103 

III. Claims 1-34 Rejected under 35 USC § 103(a) 

Claims 1, 6, 14-16 and 21 were rejected as unpatentable over U.S. Patent No. 7,203,941 
B2 to Demsey et al. ("Demsey") in view of U.S. Patent No. 6,321,219 Bl to Gainer et al. 
("Gainer"). Claims 8-10, 13, 17-20 and 22-25 were rejected as unpatentable over Demsey in 
view of Gainer and Official Notice. Claims 2 and 5 were rejected as unpatentable over Demsey 
in view of Gainer and in further view of U.S. Patent No. 7,213,247 Bl to Wilner et al. ("Wilner"). 
Claim 3 was rejected as unpatentable over Demsey in view of Gainer and in further view of 
"Process Migration: A generalized Approach Using a Virtualizing Operating System", Boyd et 
al, ICDCS '02 ("Boyd"). Claim 4 was rejected as unpatentable over Demsey in view of Gainer 
and in further view of U.S. Patent No. 5,668,958 Al to Bendert et al. ("Bendert"). Claim 7 was 
rejected as unpatentable over Demsey in view of Gainer and in further view of U.S. Patent 
Application Publication No. 2005/0192921 Al to Chaudhuri et al. ("Chaudhuri"). Claims 1 1 and 
12 were rejected as unpatentable over Demsey in view of Gainer and in further view of U.S. 
Patent No. 6,023,721 Al to Cummings et al. ("Cummings"). Claims 26 and 27 were rejected as 
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unpatentable over Demsey in view of Boyd. Claims 31-34 were rejected as unpatentable over 
Demsey in view of Boyd and Official Notice. Claim 28 was rejected as unpatentable over 
Demsey in view of Boyd and in further view of Wilner. Claims 29 and 30 were rejected as 
unpatentable over Demsey in view of Boyd and in further view of Chaudhuri. Claims 2-25 
depend on and incorporate all of the patentable subject matter of independent claim 1, as 
amended. Claims 27-34 depend on and incorporate all of the patentable subject matter of 
independent claim 26, as amended. Applicants traverse these rejections and submit that Demsey, 
Gainer, Wilner, Boyd, Bendert, Cummings, and Chaudhuri, alone or in combination, fail to teach 
or suggest each and every feature of the claimed invention, as amended, and that the Official 
Notice was taken in error. 

A. Independent Claim 1 Patentable over Demsey in view of Gainer 

To establish prima facie obviousness of a claimed invention, all the claim limitations 
must be taught or suggested by the prior art. Amended claim 1 is directed towards a method for 
virtualizing access to system objects for processes executing in the context of an isolation 
environment, the isolation environment comprising an application isolation layer and a user 
isolation layer. The process requests access to a system object, and the request includes a virtual 
name for the system object. Responsive to the application isolation layer and the user isolation 
layer forming the isolation environment, a rule is selected and a literal name for a system object 
is formed. Demsey and Gainer, alone or in combination, fail to teach or suggest each and every 
element of the claimed invention, as amended. 

Neither Demsey nor Gainer teach or suggest a process executing in the context of an 
isolation environment requesting a system object, the request including a virtual name for the 
system object. Demsey describes a tracking system for system resource handles for the purpose 
of reallocating resources to applications and performing garbage collection routines. Native 
resources described by Demsey include UI resources for drawing and windowing management, 
pointing devices and keyboards, and sockets for networking (see Demsey, col. 6, lines 8-19). 
Demsey teaches a trusted App routine that schedules and allocates resources to applications and 
controls their access to native resources. Demsey' s applications all directly request access to the 
same native resources (see Demsey, col. 7, lines 33-36), so a scheduling and access control 
routine is necessary to keep applications from interfering. This is distinct from the isolation 
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environment of the claimed invention, wherein processes executing within the isolation 
environment have a user isolation scope, or a user-specific view of system resources (see 
specification, paragraph 61). Thus, Demsey fails to teach or suggest each and every element of 
the invention. 

The Examiner cites Gainer for the purpose of extending the requested native resources of 
Demsey to include system objects. However, Gainer merely describes a dynamic symbolic 
linking system. "Phantom" files and directories may be created and linked to real files and 
directories based on a user-defined rule, such as all files containing the user name that are more 
recent than a certain date (see Gainer, col. 8, lines 5-15). Because Gainer's links do not exist at 
all times, they cannot become invalid or obsolete if the linked real file is moved or deleted (see 
Gainer, col. 2, lines 20-34). This is not an isolation environment, however. Similar to Demsey, 
in Gainer, all applications and users see the same, identical view of system resources. Gainer 
merely adds that the same file may appear in several places as phantom files. As such, Gainer 
likewise fails to teach or suggest an isolation environment, comprising an application isolation 
layer and a user isolation layer. Furthermore, one of ordinary skill in the art would be unlikely to 
even combine Demsey and Gainer. Demsey teaches a tracking system and garbage collection 
method to prevent devices with low processing abilities from being overloaded by previously- 
requested and currently-unused system resources, and Gainer teaches a symbolic linking of file 
systems. Most users would prefer to not have their files subject to garbage collection routines 
merely because they had not recently used them. Thus, Demsey and Gainer, alone or in 
combination, fail to teach or suggest each and every element of the claimed invention. 

Because Demsey and Gainer, alone or in combination, fail to teach or suggest each and 
every element of the claimed invention, Applicants submit that independent claim 1 is patentable 
and in condition for allowance. Therefore, Applicants request the Examiner to withdraw the 
rejection of claim 1 under 35 U.S. C. §103. 

B. Independent Claim 26 Patentable over Demsey in view of Boyd 

To establish prima facie obviousness of a claimed invention, all the claim limitations 
must be taught or suggested by the prior art. Amended claim 26 is directed towards an apparatus 
comprising means for virtualizing access to system objects for processes executing in the context 
of an isolation environment, the isolation environment comprising an application isolation layer 
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and a user isolation layer. The apparatus receives a request from a process executing in the 
isolation environment to access a system object, and the request includes a virtual name for the 
system object. The apparatus forms a literal name for the system object based on the application 
isolation layer and user isolation layer and the request for access is issued to the operating system, 
now with the literal name instead of the virtual name for the system object. Demsey and Boyd, 
alone or in combination, fail to teach or suggest each and every element of the claimed invention, 
as amended. 

As discussed above in connection with the rejection of claim 1, Demsey fails to teach or 
suggest a process executing in the context of an isolation environment, the isolation environment 
comprising an application isolation layer and a user isolation layer, requesting a virtual name for 
an object. Instead, Demsey merely describes a scheduling and access control system for native 
system resource handles. The Examiner cites Boyd for the purpose of describing a hooking 
mechanism. However, Boyd also fails to teach or suggest an isolation environment comprising 
an application isolation layer and a user isolation layer. Instead, Boyd describes a system for 
suspending applications, migrating them to a new machine, and restoring them to their previous 
state. Application requests to resources such as ports or memory addresses by their addresses on 
the original machine are intercepted and translated into new addresses, which may be different 
because they are selected, frequently randomly, as processes start (see Boyd, section 3.2.1, 
paragraph 3). However, Boy requires that both the original machine and the new machine be 
identical (see Boyd, section 3.1). Only randomly selected addresses are translated - Boyd's 
applications still need to see the identical operating system, files, and registry keys that they saw 
before being suspended. This is distinct from the claimed invention, in which applications 
execute in the context of a application isolation layer and user isolation layer, which provide 
application- specific and user- specific views of native resources. In fact, presenting the restored 
application in Boyd with a different user isolation scope than was used when it was suspended 
would result in inadvertent and undesired changes, and as such, Boyd teaches away from this at 
section 3.1. Thus, Demsey and Boyd, alone or in combination, fail to teach or suggest each and 
every element of the claimed invention. 

Because Demsey and Boyd, alone or in combination, fail to teach or suggest each and 
every element of the claimed invention, Applicants submit that independent claim 26 is 
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patentable and in condition for allowance. Therefore, Applicants request the Examiner to 
withdraw the rejection of claim 26 under 35 U.S.C. §103. 

C. Dependent Claims 2-25 and 27-34 Patentable over Bendert, Boyd, Chaudhuri, Cummings, 
Demsey, Gainer, Wilner and Official Notice 

In view of the arguments above in connection with the rejection of independent claims 1 
and 26, Applicants submit that independent claims 1 and 26 are patentable and in condition for 
allowance. Claims 2-25 depend on and incorporate all of the patentable subject matter of 
independent claim 1. Claims 27-34 depend on and incorporate all of the patentable subject 
matter of independent claim 26. Thus, Applicants submit that claims 2-25 and 27-34 are also 
patentable and in condition for allowance. 

Furthermore, alone or in combination with Demsey, Gainer and Boyd (discussed above in 
connection with the rejections of independent claims 1 and 26), each of the cited references fail 
to teach or suggest an application isolation environment comprising an application isolation layer 
and a user isolation layer. The Examiner cites Bendert for the purpose of describing an API 
receiving a request to open a system object. However, like Demsey, Gainer and Boyd, Bendert 
is silent regarding a user isolation layer. Instead, Bendert teaches a hybrid file system where 
applications using APIs native to different file systems don't interfere with read/write access to 
files stored in the different file systems. Unlike the claimed invention, each application does not 
receive a unique view of system resources; rather, all applications can view all system resources, 
even those in different file systems (see Bendert, col. 2, lines 35-45). Thus, similar to Demsey, 
Gainer and Boyd, Bendert fails to teach or suggest an application isolation environment 
comprising an application isolation layer and a user isolation layer. 

The Examiner cites Chaudhuri for the purpose of describing a rules engine and database 
to define, classify, register and manage rules. However, Chaudhuri' s rules engine merely 
monitors a database for events, and then performs an action based on whether an active rule is 
triggered by the event (see Chaudhuri, paragraph 28). Not only is Chaudhuri silent regarding 
isolation environments, Chaudhuri's rules are not selected for use based on application and user 
isolation layers. Instead, all rules present in the system are applied to an event to determine if the 
event has triggered one of the myriad rules' thresholds. Thus, Chaudhuri also fails to teach or 



4432401v3 



- 14- 



Application No. 10/711,735 



Docket No. CTX-108US 



suggest an application isolation environment comprising an application isolation layer and a user 
isolation layer. 

The Examiner cites Cummings for the purpose of describing system objects with global 
visibility. Cummings describes a system for allowing single-user applications executed within a 
multi-user environment to create globally visible objects. Rather than creating an isolation 
environment with application and user isolation layers, Cummings unisolates the environment, 
such that resources are shared by multiple users. Specifically, Cummings intercepts API calls 
and adds a user identifier to the name. Instead of forming a literal name in response to a rule 
selected responsive to an application isolation layer and a user isolation layer as in the claimed 
invention, Cummings replaces a literal name with a new name including a user identifier (see 
Cummings, col. 3, lines 57-62). A new resource is instantiated with the new name. All 
applications can see the new resource, but because it has a name that includes a user identifier, 
requests for resources by different applications aren't ambiguous. Thus, Cummings also fails to 
teach or suggest an application isolation environment comprising an application isolation layer 
and a user isolation layer. 

The Examiner cites Wilner for the purpose of extending Demsey's native system 
resources to semaphores and message queues. Wilner describes a system for creating protection 
domains, essentially a set of rules or access control lists for memory locations and system objects 
to allow or deny access by a process to the memory location or system object. While Wilner 
discusses resources as "seen," this is merely a reference to which resources the process has 
permission to access. The process can still issue requests to an object owned by another 
protection domain, and will merely receive a denial of access if permission is not allowed (see 
Wilner, col. 13, lines 40-63). This is distinct from the claimed invention, where the isolation 
environment, comprising an application isolation layer and a user isolation layer, presents a 
unique view of system resources. Because processes in the isolation environment do not see 
resources outside their unique application or user scopes, there is no need for an access control 
list. Accordingly, Wilner also fails to teach or suggest an isolation environment comprising an 
application isolation layer and a user isolation layer. 

The Examiner takes Official Notice that the technique of forming scope-specific literal 
names for system objects, files or components is known. Applicants respectfully disagree. The 
isolation scopes of the claimed invention are user-specific or application-specific views of native 
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system resources. A process running in the context of an application isolation environment 
requests access to a resource using a virtual name, and a literal name is formed according to a 
rule selected responsive to the application isolation layer and user isolation layer. The literal 
name is not scope-specific, but is the literal name for the system object. It would not make sense 
that a literal name could be scope-specific, because the scope is a unique and virtualized view of 
the resources, not the resources represented by the literal names. Thus, Applicants believe the 
Official Notice that a technique of forming a scope-specific literal name for an object was taken 
in error. 

Because, Bendert, Boyd, Chaudhuri, Cummings, Demsey, Gainer and Wilner fail to teach 
or suggest each and every feature of the claimed invention, and the Official Notice was taken in 
error, Applicants submit that these references fail to detract from the patentability of independent 
claims 1 and 26 and dependent claims 2-25 and 27-34. Therefore, Applicants respectfully 
request the Examiner to withdraw the rejection of claims 2-25 and 27-34 under 35 U.S.C. §103. 

CONCLUSION 

In light of the aforementioned arguments, Applicants contend that each of the Examiner's 
rejections has been adequately addressed and all of the pending claims are in condition for 
allowance. Accordingly, Applicants respectfully request reconsideration, withdrawal of all 
grounds of rejection, and allowance of all of the pending claims. 

Should the Examiner feel that a telephone conference with Applicants' attorney would 
expedite prosecution of this application, the Examiner is urged to contact the Applicants' 
attorney at the telephone number identified below. 



Respectfully submitted, 

CHOATE, HALL & STEWART, LLP 

Dated: April 20, 2009 /John D. Lanza/ 

John D. Lanza 
Reg. No. 40,060 
Attorney for Applicants 

Choate, Hall & Stewart, LLP 
Two International Place 
Boston, MA 021 10 
(617) 248-5000 
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